Export limit exceeded: 23152 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23152 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-25522 | 1 Linksys | 2 Wap610n, Wap610n Firmware | 2025-06-06 | 7.3 High |
| Buffer overflow vulnerability in Linksys WAP610N v1.0.05.002 due to the lack of length verification, which is related to the time setting operation. The attacker can directly control the remote target device by successfully exploiting this vulnerability. | ||||
| CVE-2025-5619 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-06-06 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-0576 | 1 Totolink | 2 Lr1200gb, Lr1200gb Firmware | 2025-06-06 | 8.8 High |
| A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been declared as critical. This vulnerability affects the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument sPort leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250792. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5572 | 1 Dlink | 2 Dcs-932l, Dcs-932l Firmware | 2025-06-06 | 8.8 High |
| A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file /setSystemEmail. The manipulation of the argument EmailSMTPPortNumber leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-51955 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-06 | 6.5 Medium |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv. | ||||
| CVE-2024-38950 | 1 Struktur | 1 Libde265 | 2025-06-06 | 6.5 Medium |
| Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function. | ||||
| CVE-2024-38949 | 1 Struktur | 1 Libde265 | 2025-06-06 | 6.5 Medium |
| Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc | ||||
| CVE-2025-5624 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-06-06 | 9.8 Critical |
| A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_remarker leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-5622 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-06-06 | 9.8 Critical |
| A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5g leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-5623 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-06-06 | 9.8 Critical |
| A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-5629 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-06-06 | 8.8 High |
| A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5630 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-06-06 | 9.8 Critical |
| A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-50007 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-06 | 4 Medium |
| FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative size in the av_samples_set_silence function in thelibavutil/samplefmt.c:260:9 component. | ||||
| CVE-2024-20697 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows Server 2022 23h2 | 2025-06-05 | 7.3 High |
| Windows libarchive Remote Code Execution Vulnerability | ||||
| CVE-2024-22705 | 1 Linux | 1 Linux Kernel | 2025-06-05 | 7.8 High |
| An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled. | ||||
| CVE-2025-5074 | 1 Freefloat | 1 Ftp Server | 2025-06-05 | 7.3 High |
| A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component PROMPT Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5073 | 1 Freefloat | 1 Ftp Server | 2025-06-05 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. This issue affects some unknown processing of the component MKDIR Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-22919 | 1 Swftools | 1 Swftools | 2025-06-05 | 7.8 High |
| swftools0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587. | ||||
| CVE-2025-5215 | 1 Dlink | 2 Dcs-5020l, Dcs-5020l Firmware | 2025-06-05 | 8.8 High |
| A vulnerability classified as critical has been found in D-Link DCS-5020L 1.01_B2. This affects the function websReadEvent of the file /rame/ptdc.cgi. The manipulation of the argument Authorization leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-5218 | 1 Freefloat | 1 Ftp Server | 2025-06-05 | 7.3 High |
| A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0.0. Affected is an unknown function of the component LITERAL Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||